Dubbed Thunderstrike, because it spreads through maliciously modified peripheral devices that connect to a Mac's Thunderbolt interface. When plugged into a Mac that's in the process of booting up, the device injects what's known as an Option ROM into the extensible firmware interface (EFI), the firmware responsible for starting a Mac's system management mode and enabling other low-level functions before loading the OS. The Option ROM replaces the RSA encryption key Macs use to ensure only authorized firmware is installed. From there, the Thunderbolt device can install malicious firmware that can't easily be removed by anyone who doesn't have the new key.
So you could use this method to de-apple the bootloader and make your hardware yours again. You could install whatever OS you wanted on your hardware.
+Scott Wilson sounds like you probably could 🙂
+Oliver Sten I could have about a year ago. I burned out on Apple's weird hardware issues, and horrible customer service skills. I got sick of fighting them to honor their warranties. I don't like this new Apple.
+Scott Wilson ,
I hate the fact that they now solder memory and hard drives into their laptops motherboards , the final step to remove customisation from the end user.
+Oliver Sten The pile of glue they use now irks me to no end. Because fasteners are so expensive. I pay more for hardware now, but I get a much higher quality product than Apple makes.
Which brand of hardware are you referring to? +Scott Wilson
Why it is important to know your manufacturer. Tis also why Apple is so strict on compatability
+Ryan Heyworth Lately Lenovo. I'm a huge fan of their carbon fiber ultrabooks. No need for a case. Best keyboards money can buy. Tough as hell. Amazing looking. Side benefit: full Linux support. Everything works. Good battery life. Yes, it's going to cost you a lot over a similarly spec'd macbook air (about 800 more) but it's a much better laptop.
tell me something i dont already know
Need this for Apple store lol
Dude, everyone knows macs CAN'T Get viruses or malware.
Yeeaahhh, about that…
You gotta admit, this is genius. Not moral or ethical, but absolutely genius.
EFI is just wrong.
Similar exploit out for MSWindows.
+Mike Picard back in 2009 ya
apple sux nokia wins
http://www.gsmarena.com/nokia_sells_20000_n1_tablets_in_china_in_4_minutes-news-10695.php
If I have physical access to ANY computer I could hack it and leave a backdoor.
Mac, PC or Linux box.
If you have physical access to a computer there's 5000 things you can do. This isn't an apple issue, it's a physical access to an electronic device issue.
+K.B. Burnfield unless it's a Chromebook (for now) but yeah.
+Scott Wilson But like half the chromebook users out there have dev mode on anyway so they can actually do more than browse the internet.
+Alex Musick Half? Could you cite a source please?
+Scott Wilson I don't have any statistics personally, I exaggerated. I mean that a lot of them do.
But rebooting a Chromebook into Dev mode is easy as pie whether the owner had it on or not.
Turn it on, do your thing, turn it off.
+K.B. Burnfield and you won't get any of their data because it will be gone. That's the point. Chrome OS, for the moment, is immune to these types of attacks because of the aggressive boot security.
The only way this would be viable is for them to infiltrate a peripheral manufacturing company and infect a production line with the exploit which then ends up being purchased in a store somewhere. The other option of gaining physical access to the targeted computer increases the risk of being caught and receiving the ass kicking of a life time, exponentially.
Nobody's ever done that… er… well, aside from the NSA exploiting routers and all that while in transit.
Glad i am on linux.
Feel like a god with the control i have over my system.
I'm glad I run Debian GNU/Linux with LILO under BIOS and never let any one else use my computer. GRUB gets confused and thinks it's been booted with EFI.
It's a Mac with Snow Leopard and rEFIt so I never let anyone else use it. It does not have Thunderbolt, but old mini DP. Any DMA channel like FireWire could do similar, but I have USB dongles.
rEFIt and parts of BOOTCAMP provide BIOS required to set up WinVidia dismay for GNU/Linux. Can't boot MBP with ELILO unless you disable WinVidia dismay. Needs a (USB) serial port up at boot time.
Are we just gonna brag about how good our setup is? I just have a (somewhat) standard setup and accept it's never in a vulnerable position.
I've typing on a Chromebook Pixel. Done. Nothing to really change lol.
This happened to me while in Asia. I decided to distrust Apple's dev key for a variety of reasons and then was able to find 10gb of language files ( mostly Chinese) that were not there an hour prior when I checked. I then deleted them all and securely erased the trash which took 18 hours and my Mac never turned on after that and had to have both the motherboard and the ssd replaced just to see the apple logo upon boot. Before they replaced that you could hear only the start up sound but the screen remained black. Crazy shit.
Hey Paul, how could you say nobody has ever done that? Are you God or something? It's dumb asses like you that are the reason white hats are so far behind black hats and governments